Information disclosure in Nixos Nixpkgs

CVE-2026-23838

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `M…

EPSS: 0.002 (37.1th percentile) — read the EPSS interpretation.

Affected products

Nixos Nixpkgs — versions >= 23.05, < 26.05

Weakness classification (CWE)

CWE-538 — Insertion of Sensitive Information into Externally-Accessible File or Directory

References

https://github.com/NixOS/nixpkgs/security/advisories/GHSA-g8w3-p77x-mmxh (x_refsource_CONFIRM)
https://github.com/NixOS/nixpkgs/issues/338339 (x_refsource_MISC)
https://github.com/NixOS/nixpkgs/pull/427845 (x_refsource_MISC)
https://github.com/NixOS/nixpkgs/pull/481140 (x_refsource_MISC)